This page is localized for your review. The English source documents remain the controlling legal version.
| Field | Value |
|---|---|
| Publisher | JYV STREAM LLC |
| Product | JyvGaming |
| Effective Date | April 27, 2026 |
| Document Version | v1.0 |
| Contact | legal@jyvstream.com |
This Data Processing Addendum ("DPA") forms part of the Agreement between JYV STREAM LLC ("Processor") and the Customer ("Controller") for JyvGaming. It governs Processing of Personal Data on Controller’s behalf and applies only where Controller is subject to GDPR, UK GDPR, or comparable data-protection laws.
Article 27 Representatives: JYV STREAM LLC has appointed Prighter Group GmbH (Schellinggasse 3/10, 1010 Vienna, Austria) as its EU GDPR representative and Prighter Ltd (20 Mortlake High Street, London, SW14 8JN, United Kingdom) as its UK GDPR representative pursuant to Article 27 GDPR and Article 27 UK GDPR respectively. Data subjects and supervisory authorities may contact these representatives at https://app.prighter.com/portal/11199242890.
1. Definitions
Capitalized terms used but not defined here have the meanings given in the GDPR. "Processing," "Controller," "Processor," "Sub-processor," and "Personal Data" have their GDPR meanings. "Agreement" means the Terms of Service or other commercial agreement between the parties.
2. Roles and Scope
Controller is the controller and Processor is the processor of Personal Data Processed under the Agreement. Each party shall comply with its obligations under applicable data-protection laws. Annex 1 sets out the subject matter, nature, purpose, duration, categories of data subjects, and types of Personal Data.
3. Processing Instructions
Processor shall Process Personal Data only on documented instructions from Controller (including those in the Agreement and this DPA), unless required to do otherwise by law, in which case Processor shall (where legally permitted) inform Controller before such Processing.
4. Confidentiality
Processor shall ensure that personnel authorized to Process Personal Data are bound by appropriate confidentiality obligations.
5. Security Measures
Processor shall implement and maintain the technical and organizational measures described in Annex 2 to ensure a level of security appropriate to the risk, including encryption in transit and at rest, access controls, secure SDLC, vulnerability management, logging, and incident response.
6. Sub-processors
Controller authorizes Processor’s use of the Sub-processors listed in the Sub-Processor List (incorporated by reference and published at https://jyvgaming.gg/legal/subprocessors). Processor shall: (a) impose data-protection obligations on each Sub-processor that are no less protective than those in this DPA; and (b) provide notice of new Sub-processors at least 30 days in advance, allowing Controller to object on reasonable data-protection grounds.
7. AI / GPU Processing Specifics
For audio inference performed by Modal Labs, Inc.: (a) Personal Data is anonymized prior to transmission; (b) inference occurs in volatile memory and raw inputs are deleted within ten (10) minutes of completion; (c) EU/UK Personal Data is routed to EU-based infrastructure, including GPU processing and supporting services; (d) Modal does not use Personal Data to train its own models; and (e) only operational metadata (timestamps, request IDs, error logs) is retained, for up to 30 days.
8. Data Subject Rights
Taking into account the nature of Processing, Processor shall reasonably assist Controller, by appropriate technical and organizational measures, to fulfill Controller’s obligation to respond to data-subject requests under Articles 15–22 GDPR.
9. Personal Data Breach
Processor shall notify Controller without undue delay (and within 72 hours where feasible) after becoming aware of a Personal Data Breach, including reasonably available information needed to meet Controller’s reporting obligations under Articles 33–34 GDPR.
10. Audits and Inspections
Processor shall make available all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by Controller or an independent auditor. Audits shall be conducted no more than once per year (except following a Breach), with at least 30 days’ notice, during business hours, subject to confidentiality, and at Controller’s expense unless material non-compliance is identified.
11. Data Protection Impact Assessments
Processor shall provide reasonable assistance to Controller for DPIAs and prior consultations with supervisory authorities under Articles 35–36 GDPR.
12. Return or Deletion
Upon termination of the Agreement, Processor shall, at Controller’s choice, delete or return all Personal Data, and delete existing copies, unless retention is required by law.
13. International Transfers
EU/UK Personal Data is processed in EU regions for the purposes of providing the Service. If a transfer outside the EEA/UK is required, the parties shall rely on appropriate safeguards: the European Commission’s Standard Contractual Clauses (Module Two: Controller-to-Processor), supplemented by the UK Addendum, the terms of which are incorporated by reference. Annex 3 contains the SCC details should they apply.
14. Liability and Order of Precedence
In case of conflict between the Agreement and this DPA, this DPA prevails for matters of data protection. Each party’s liability under this DPA is subject to the limitations of liability in the Agreement.
15. Term
This DPA is effective on the Effective Date and continues until the end of the Agreement and any applicable retention.
Annex 1 — Subject Matter and Details
| Element | Detail |
|---|---|
| Subject matter | Processing of Personal Data necessary to provide JyvGaming. |
| Duration | Term of the Agreement plus statutory retention. |
| Nature and purpose | Provision of audio enhancement, AI inference, billing, and support. |
| Categories of data subjects | Authorized end users of the Customer. |
| Categories of Personal Data | Account identifiers; license metadata; anonymized audio frames; error logs; support correspondence. |
| Special-category data | None intentionally processed. |
| Frequency | Continuous. |
Annex 2 — Security Measures
- TLS 1.2+ in transit; AES-256 at rest where applicable.
- Role-based access control with least-privilege; mandatory MFA for production access.
- Signed binaries; reproducible builds; supply-chain checks (Dependabot/Snyk-equivalent).
- Continuous vulnerability scanning; documented patching SLA.
- Audit logging; 30-day operational log retention; SIEM-equivalent monitoring.
- Background checks for production-access personnel; annual security training.
- Documented incident-response and business-continuity plans.
- Encryption-at-rest for backups; key management with rotation.
Annex 3 — SCCs (if applicable)
| Module | Parties | Optional Clauses |
|---|---|---|
| Controller = Customer; Processor = JYV STREAM LLC | Clause 7 docking included; Clause 11(a) optional language excluded; Clause 17 Option 1, governed by the law of Ireland; Clause 18 Irish courts. |
UK Addendum: Tables 1–3 are completed using the Module Two details above; Table 4 — the Importer may end the Addendum if the ICO issues a revised Approved Addendum.
Contact
JYV STREAM LLC
7901 4th St N, Suite 33883, St. Petersburg, FL 33702, USA
General: support@jyvstream.com
Legal: legal@jyvstream.com
Privacy / DPO: privacy@jyvstream.com / dpo@jyvstream.com
Abuse: abuse@jyvstream.com
Website: https://jyvgaming.gg